The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Its core purpose is to help organizations improve their software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Cyber Intelligence Tradecraft Project

Cyber intelligence. A phrase often used, but interpreted in many different ways. For the past year and a half, the SEI Emerging Technology Center (SEI ETC) researched the methodologies, processes, technology, and training of organizations across government, industry, and academia to clarify what it means to perform cyber intelligence. The SEI ETC defined cyber intelligence as the acquisition and analysis of information to identify, track, and predict cyber capabilities, intentions, and activities to offer courses of action that enhance decision making.

The contents of this page discuss the study and its results through eight analytical products that aggregate the best practices of participating organizations to address observed systemic challenges with cyber intelligence tradecraft. The analytical products include a key findings report, three implementation frameworks for threat prioritization, collection management, and workforce development, a white paper on training and education, and three reference sheets for intelligence methodologies, open sources, and tools. Through these products, any organization, regardless of size or function, can leverage the knowledge of a diverse set of best practices to achieve the study's overall finding that successful organizations perform cyber intelligence by effectively balancing the need to protect network perimeters with the need to look beyond them for strategic insights.

The links below will take you to the different sections of this report:

Summary of Key FindingsThe aggregation of research into the methodologies, technologies, processes, and training of 30 cyber intelligence programs to capture best practices and lessons learned for challenges most organizations currently face.

Implementation Framework - Cyber Threat PrioritizationA holistic approach to prioritizing cyber threats by using a customized, tiered framework that focuses on the likelihood of threat actors executing an attack, the impact attack methods have on an organization, and the risk attack methods pose because of an organization's known vulnerabilities.

White Paper - CITP Training and EducationInsight into the core competencies and associated skills needed for cyber intelligence analysts, and how current training and education offerings align with these skills.